SQLMAP - Automatic SQL Injection Pentest tool

Sqlmap Description

The tool is instructed to identify possible SQL injections and exploit them by enumerating and dumping entries of all databases' tables containing one or more of the columns specified by the user. sqlmap always stores dumped entries in a local CSV file upon successful dump. The technique used to dump this data from the back-end database software is the default, boolean-based blind SQL injection.

It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

download sqlmap : here

See the Official sqlmap video demonstration

Read More

Sql Injection Vulnerability Found in Avira

 

Reply from Avira !

I found sqli Vulnerability on avira Website .

I was reported to avira security team to fix it . They replied me.
Unfortunately, Avira currently does not provide any form of compensation for security testing that did not have a contract in place prior to the start of the testing.

anyway i keep going for better work on getting the Vulnerability to be  fixed.

^-^

Read More